CVE-2016-4868

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
References
Link Resource
http://jvn.jp/en/jp/JVN08736331/index.html Third Party Advisory VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/97713 Third Party Advisory VDB Entry
https://support.cybozu.com/ja-jp/article/9433 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-17 15:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-4868

Mitre link : CVE-2016-4868

CVE.ORG link : CVE-2016-4868


JSON object : View

Products Affected

cybozu

  • office
CWE
CWE-20

Improper Input Validation